Total
1090 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14981 | 1 Vipre | 1 Password Vault | 2024-08-04 | 5.9 Medium |
| The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation. | ||||
| CVE-2020-14039 | 2 Golang, Opensuse | 2 Go, Leap | 2024-08-04 | 5.3 Medium |
| In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. | ||||
| CVE-2020-13955 | 1 Apache | 1 Calcite | 2024-08-04 | 5.9 Medium |
| HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore. | ||||
| CVE-2020-13615 | 1 Qore | 1 Qore | 2024-08-04 | 5.9 Medium |
| lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates. | ||||
| CVE-2020-13614 | 3 Axel Project, Fedoraproject, Opensuse | 4 Axel, Fedora, Backports Sle and 1 more | 2024-08-04 | 5.9 Medium |
| An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification. | ||||
| CVE-2020-13645 | 5 Broadcom, Canonical, Fedoraproject and 2 more | 6 Fabric Operating System, Ubuntu Linux, Fedora and 3 more | 2024-08-04 | 6.5 Medium |
| In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity. This is in contrast to its intended documented behavior, to fail the certificate verification. Applications that fail to provide the server identity, including Balsa before 2.5.11 and 2.6.x before 2.6.1, accept a TLS certificate if the certificate is valid for any host. | ||||
| CVE-2020-13616 | 1 Pichi Project | 1 Pichi | 2024-08-04 | 5.9 Medium |
| The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification. | ||||
| CVE-2020-13482 | 3 Em-http-request Project, Fedoraproject, Redhat | 3 Em-http-request, Fedora, Openstack-optools | 2024-08-04 | 7.4 High |
| EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | ||||
| CVE-2020-13254 | 7 Canonical, Debian, Djangoproject and 4 more | 8 Ubuntu Linux, Debian Linux, Django and 5 more | 2024-08-04 | 5.9 Medium |
| An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0.7. In cases where a memcached backend does not perform key validation, passing malformed cache keys could result in a key collision, and potential data leakage. | ||||
| CVE-2020-13245 | 1 Netgear | 28 R6120, R6120 Firmware, R6220 and 25 more | 2024-08-04 | 5.9 Medium |
| Certain NETGEAR devices are affected by Missing SSL Certificate Validation. This affects R7000 1.0.9.6_1.2.19 through 1.0.11.100_10.2.10, and possibly R6120, R7800, R6220, R8000, R6350, R9000, R6400, RAX120, R6400v2, RBR20, R6800, XR300, R6850, XR500, and R7000P. | ||||
| CVE-2020-13163 | 1 Em-imap Project | 1 Em-imap | 2024-08-04 | 7.4 High |
| em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | ||||
| CVE-2020-12681 | 1 3xlogic | 2 Infinias Eidc32, Infinias Eidc32 Firmware | 2024-08-04 | 7.5 High |
| Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices through 3.4.125 allows an attacker to intercept/control the channel by which door lock policies are applied. | ||||
| CVE-2020-12637 | 1 Zulipchat | 1 Zulip Desktop | 2024-08-04 | 9.8 Critical |
| Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. | ||||
| CVE-2020-12614 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-08-04 | 7.8 High |
| An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator. | ||||
| CVE-2020-12421 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-08-04 | 6.5 Medium |
| When performing add-on updates, certificate chains terminating in non-built-in-roots were rejected (even if they were legitimately added by an administrator.) This could have caused add-ons to become out-of-date silently without notification to the user. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | ||||
| CVE-2020-12143 | 2 Arubanetworks, Silver-peak | 44 Nx-1000, Nx-10k, Nx-11k and 41 more | 2024-08-04 | 6 Medium |
| The certificate used to identify Orchestrator to EdgeConnect devices is not validated, which makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted Orchestrator. | ||||
| CVE-2020-12144 | 2 Arubanetworks, Silver-peak | 44 Nx-1000, Nx-10k, Nx-11k and 41 more | 2024-08-04 | 6 Medium |
| The certificate used to identify the Silver Peak Cloud Portal to EdgeConnect devices is not validated. This makes it possible for someone to establish a TLS connection from EdgeConnect to an untrusted portal. | ||||
| CVE-2020-11806 | 1 Mailstore | 1 Mailstore Server | 2024-08-04 | 5.9 Medium |
| In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server. | ||||
| CVE-2020-11792 | 1 Netgear | 8 R8900, R8900 Firmware, R9000 and 5 more | 2024-08-04 | 7.5 High |
| NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. | ||||
| CVE-2020-11617 | 2 Philips, Thomsonstb | 4 Dtr3502bfta Dvb-t2, Dtr3502bfta Dvb-t2 Firmware, Tht741fta and 1 more | 2024-08-04 | 5.9 Medium |
| The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top boxes doesn't validate the SSL certificates of RSS servers, which allows a man-in-the-middle attacker to modify the data delivered to the client. | ||||